Protecting mount points from accidental unencrypted writes?

On Linux, the only way to produce a reproducible mounting location is to use manually specified empty directories as mount points.

When mounting volumes at a mount point, there’s the risk of accidentally writing to the mount point path when no volume is mounted. In the case of cryptomator, this means that the data will be unencrypted on the local drive (minor issue), and not actually in the synchronized encrypted directory (more of an issue).

On Windows I avoid this issue by mounting cryptomator volumes as drives. When a drive is not present, it cannot be written to and that’s the end of it.

On Linux, I find recommendation to make the directory unwriteable by either (chown -w /path/to/mountpoint) or attributes (sudo attr +i /path/to/mountpoint).

But if I do this with Cryptomator, mounting the encrypted volume fails (see Error Log #1 below.)

Is there any way such protection can be achieved for Cryptomator mount points?

Error Log #1

org.cryptomator.common.vaults.Volume$VolumeException: Unable to mount Filesystem
	at org.cryptomator.common.vaults.FuseVolume.mount(FuseVolume.java:107)
	at org.cryptomator.common.vaults.FuseVolume.mount(FuseVolume.java:58)
	at org.cryptomator.common.vaults.Vault.unlock(Vault.java:129)
	at org.cryptomator.ui.unlock.UnlockWorkflow.attemptUnlock(UnlockWorkflow.java:103)
	at org.cryptomator.ui.unlock.UnlockWorkflow.call(UnlockWorkflow.java:80)
	at org.cryptomator.ui.unlock.UnlockWorkflow.call(UnlockWorkflow.java:43)
	at javafx.concurrent.Task$TaskCallable.call(Task.java:1425)
	at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
	at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.base/java.lang.Thread.run(Unknown Source)
Caused by: org.cryptomator.frontend.fuse.mount.CommandFailedException: ru.serce.jnrfuse.FuseException: Unable to mount FS
	at org.cryptomator.frontend.fuse.mount.LinuxMounter.mount(LinuxMounter.java:24)
	at org.cryptomator.common.vaults.FuseVolume.mount(FuseVolume.java:105)
	... 12 more
Caused by: ru.serce.jnrfuse.FuseException: Unable to mount FS
	at ru.serce.jnrfuse.AbstractFuseFS.mount(AbstractFuseFS.java:287)
	at org.cryptomator.frontend.fuse.mount.LinuxMounter.mount(LinuxMounter.java:22)
	... 13 more
Caused by: ru.serce.jnrfuse.FuseException: Unable to mount FS, return code = 1
	at ru.serce.jnrfuse.AbstractFuseFS.mount(AbstractFuseFS.java:283)
	... 14 more
© 2021 Skymatic GmbH • Privacy PolicyImpressum